DELL T350 EMC PowerEdge Tower Server User Guide

June 5, 2024
Dell

DELL T350 EMC PowerEdge Tower Server

Pre-operating system management applications

You can manage the basic settings and features of a system without booting to the operating system by using the system firmware.

Options to manage the pre-operating system applications
You can use any one of the following options to manage the pre-operating system applications:

  • System Setup
  • Dell Lifecycle Controller
  • Boot Manager
  • Preboot Execution Environment (PXE)

Topics:

  • System Setup
  • Dell Lifecycle Controller
  • Boot Manager
  • PXE boot

System Setup

Using the System Setup option, you can configure the BIOS settings, iDRAC settings, and device settings of the system. You can access system setup by using any one of the following interfaces:

  • Graphical User interface — To access go to iDRAC Dashboard, click Configurations > BIOS Settings.
  • Text browser — To enable the text browser, use the Console Redirection.

To view System Setup, power on the system, press F2, and click System Setup Main Menu.

NOTE: If the operating system begins to load before you press F2, wait for the system to finish booting, and then restart the system and try again.

The options on the System Setup Main Menu screen are described in the following table:

Table 1. System Setup Main Menu

Option Description
System BIOS Enables you to configure the BIOS settings.
iDRAC Settings Enables you to configure the iDRAC settings. The iDRAC

settings utility is an interface to set up and configure the iDRAC parameters by using UEFI (Unified Extensible Firmware Interface). You can enable or disable various

iDRAC parameters by using the iDRAC settings utility. For more information about this utility, see Integrated Dell Remote Access Controller User’s Guide at www.dell.com/ poweredgemanuals.

Device Settings| Enables you to configure device settings for devices such as storage controllers or network cards.
Service Tag Settings| Enables you to configure the System Service Tag.

System BIOS

To view the System BIOS screen, power on the system, press F2, and click System Setup Main Menu > System BIOS.

Table 2. System BIOS details

Option Description
System Information Provides information about the system such as the

system model name, BIOS version, and Service Tag.
Memory Settings| Specifies information and options related to the installed memory.
Processor Settings| Specifies information and options related to the processor such as speed and cache size.
SATA Settings| Specifies options to enable or disable the integrated SATA controller and ports.
Boot Settings| Specifies options to specify the Boot mode (UEFI). Enables you to modify UEFI boot settings.
Network Settings| Specifies options to manage the UEFI network settings and boot protocols. Legacy network settings are managed from the Device Settings menu.

NOTE: Network Settings are not supported in BIOS boot mode.

Integrated Devices| Specifies options to manage integrated device controllers and ports, specifies related features, and options.
Serial Communication| Specifies options to manage the serial ports, its related features, and options.
System Profile Settings| Specifies options to change the processor power management settings, memory frequency.
System Security| Specifies options to configure the system security settings, such as system password, setup password, Trusted Platform Module (TPM) security, and UEFI secure boot. It also manages the power button on the system.
Redundant OS Control| Sets the redundant OS information for redundant OS control.
Miscellaneous Settings| Specifies options to change the system date and time.

System Information

To view the System Information screen, power on the system, press F2, and click System Setup Main Menu > System BIOS > System Information.

Table 3. System Information details

Option Description
System Model Name Specifies the system model name.
System BIOS Version Specifies the BIOS version installed on the system.
System Management Engine Version Specifies the current version of the

Management Engine firmware.
System Service Tag| Specifies the system Service Tag.
System Manufacturer| Specifies the name of the system manufacturer.
System Manufacturer Contact Information| Specifies the contact information of the system manufacturer.
System CPLD Version| Specifies the current version of the system complex programmable logic device (CPLD) firmware.
UEFI Compliance Version| Specifies the UEFI compliance level of the system firmware.

Memory Settings

To view the Memory Settings screen, power on the system, press F2, and click System Setup Main Menu > System BIOS Memory Settings.

Table 4. Memory Settings details

Option Description
System Memory Size Specifies the size of the system memory.
System Memory Type Specifies the type of memory installed in the

system.
System Memory Speed| Specifies the speed of the system memory.
System Memory Voltage| Specifies the voltage of the system memory.
Video Memory| Specifies the size video memory.
System Memory Testing| Specifies whether the system memory tests are run during system boot. The two options available are Enabled and Disabled. This option is set to Disabled by default.
Memory Operating Mode| Specifies the memory operating mode. The option is available and is set to

Optimizer Mode , by default.

Current State of Memory Operating Mode| Specifies the current state of the memory operating mode.
Memory training| When option is set to Fast and memory configuration is not changed, the system uses previously saved memory training parameters to train

the memory subsystems and system boot time is also reduced. If memory configuration is changed, the system automatically enables Retrain at Next boot to force one-time full memory training steps, and then go back to Fast afterward.

When option is set to Retrain at Next boot , the system performs the force one-time full memory training steps at next power on and boot time is slowed on next boot.

When option is set to Enabled , the system performs the force full memory training steps on every power on and boot time is slowed on every boot.

Correctable Error Logging| Enables or disables correctable error logging. This option is set to

Enabled by default.

Processor Settings

To view the Processor Settings screen, power on the system, press F2, and click System Setup Main Menu > System BIOS > Processor Settings.

Table 5. Processor Settings details

Option Description
Virtualization Technology Enables or disables the virtualization

technology for the processor. This option is set to

Enabled by default.

Adjacent Cache Line Prefetch| Optimizes the system for applications that need high utilization of sequential memory access. This option is set to Enabled by default. You can disable this option for applications that need high utilization of random memory access.
Hardware Prefetcher| Enables or disables the hardware prefetcher. This option is set to Enabled by default.

Table 5. Processor Settings details (continued)

Option Description
LLC Prefetch Enables or disables the LLC Prefetch on all threads. This

option is set to Enabled by default.
Dead Line LLC Alloc| Enables or disables the Dead Line LLC Alloc. This option is set to Enabled by default. You can enable this option to enter the dead lines in LLC or disable the option to not enter the dead lines in LLC.
Directory AtoS| Enables or disables the Directory AtoS. AtoS optimization reduces remote read latencies for repeat read accesses without intervening writes. This option is set to Disabled by default.
x2APIC Mode| Enables or disables x2APIC mode. This option is set to

Enabled by default.

NOTE: For two processors 64 cores configuration, x2APIC mode is not switchable if 256 threads are enabled (BIOS settings: All CCD, cores, and logical processors enabled).

Number of Cores per Processor| This option is set to All by default.
Processor Core Speed| Specifies the maximum core frequency of the processor.

Table 6. Processor n details

Option Description
Family-Model-Stepping Specifies the family, model, and stepping of the

processor as defined by Intel.
Brand| Specifies the brand name.
Level 2 Cache| Specifies the total L2 cache.
Level 3 Cache| Specifies the total L3 cache.
Microcode| Specifies the processor microcode version.

SATA Settings

To view the SATA Settings screen, power on the system, press F2, and click . System BIOS > SATA Settings.

Table 7. SATA Settings details

Option Description
Embedded SATA Enables the embedded SATA option to be set to Off ,

AHCI mode , or RAID modes. This option is set to AHCI Mode by default.

NOTE:

1. No ESXi and Ubuntu OS support under RAID mode.

Security Freeze Lock| Sends Security Freeze Lock command to the embedded SATA drives during POST. This option is applicable only for AHCI Mode. This option is set to Enabled by default.
Write Cache| Enables or disables the command for the embedded SATA drives during POST. This option is set to Disabled by default.
Port n| Sets the drive type of the selected device.

For AHCI Mode or RAID modes , BIOS support is always enabled.

Table 7. SATA Settings details (continued)

Option Description
Table 8. Port n
Options Descriptions
--- ---
Model Specifies the drive model of the selected device.
Drive Type Specifies the type of drive attached to the SATA port.
Capacity Specifies the total capacity of the drive. This field is

undefined for removable media devices such as optical drives.

Boot Settings

The Boot Settings only support UEFI mode.

  • UEFI: The Unified Extensible Firmware Interface (UEFI) is a new interface between operating systems and platform firmware. The interface consists of data tables with platform related information, and boot and runtime service calls that are available to the operating system and its loader. The following benefits are available when the Boot Mode is set to UEFI:
    • Support for drive partitions larger than 2 TB.
    • Enhanced security (e.g., UEFI Secure Boot).
    • Faster boot time.

To view the Boot Settings screen, power on the system, press F2, and click System BIOS > Boot Settings.

Table 9. Boot Settings detailsc

Option Description
Boot Sequence Retry Enables or disables the Boot sequence retry feature

or resets the system. When If this option is set to Enabled and the system fails to boot, the system re-attempts the boot sequence after 30 seconds. When this option is set to Reset and the system fails to boot, the system reboots immediately. This option is set to Enabled by default.
Generic USB Boot| Enables or disables the generic USB boot placeholder. This option is set to

Disabled by default.

Hard-disk Drive Placeholder| Enables or disables the Hard-disk drive placeholder. This option is set to Disabled

by default.

Clean all Sysprep order and variables| When this option is set to None , BIOS will do nothing. When set to Yes , BIOS will delete variables of SysPrep #### and SysPrepOrder this option is a onetime option, will reset to none when deleting variables. This setting is only available in UEFI Boot Mode. This option is set to None by default.
UEFI Boot Settings| Specifies the UEFI boot sequence. Enables or disables UEFI Boot options.

NOTE: This option controls the UEFI boot order. The first option in the list will be attempted first.

Table 10. UEFI Boot Settings

Option Description
UEFI Boot Sequence Enables you to change the boot device order.

B oo t O p t i o n s En a b l e / D i s a b l e| Enables you to select the enabled or disabled boot devices

Changing boot order

About this task
You may have to change the boot order if you want to boot from a USB key or an optical drive.

Steps

  1. On the System Setup Main Menu screen, click System BIOS > Boot Settings > UEFI Boot Settings > UEFI Boot Sequence.
  2. Use the arrow keys to select a boot device, and use the plus (+) and minus (-) sign keys to move the device down or up in the order.
  3. Click Exit, and then click Yes to save the settings on exit.
    NOTE: You can also enable or disable boot order devices as needed.

Network Settings

To view the Network Settings screen, power on the system, press F2, and click System Setup Main Menu > System BIOScNetwork Settings.
NOTE: Network Settings are not supported in BIOS boot mode.

Table 11. Network Settings details

Option Description
UEFI PXE Settings Enables you to control the configuration of the UEFI

PXE device.
PXE Device n (n = 1 to 4)| Enables or disables the device. When enabled, a UEFI PXE boot option is created for the device.
PXE Device n Settings (n = 1 to 4)| Enables you to control the configuration of the PXE device.
UEFI HTTP Settings| Enables you to control the configuration of the UEFI HTTP device.
HTTP Device n (n = 1 to 4)| Enables or disables the device. When enabled, a UEFI HTTP boot option is created for the device.
HTTP Device n Settings (n = 1 to 4)| Enables you to control the configuration of the HTTP device.
UEFI iSCSI Settings| Enables you to control the configuration of the iSCSI device.

Table 12. PXE Device n Settings details

Option Description
Interface Specifies NIC interface used for the PXE device.
Protocol Specifies Protocol used for PXE device. This option is set to

IPv4 or IPv6. This option is set to

IPv4 by default.

Vlan| Enables Vlan for PXE device. This option is set to Enable or Disable. This option is set to

Disable by default.

Vlan ID| Shows the Vlan ID for the PXE device
Vlan Priority| Shows the Vlan Priority for the PXE device.

Table 13. UEFI iSCSI Settings screen details

Option Description
iSCSI Initiator Name Specifies the name of the iSCSI initiator in IQN

format.
iSCSI Device1| Enables or disables the iSCSI device. When disabled, a UEFI boot option is created for the iSCSI device automatically. This is set to Disabled by default.

Table 13. UEFI iSCSI Settings screen details (continued)

Option Description
iSCSI Device1 Settings Enables you to control the configuration of the

iSCSI device.

Table 14. ISCSI Device1 Settings screen details

Option Description
Connection 1 Enables or disables the iSCSI connection. This option is

set to Disable by default.
Connection 2| Enables or disables the iSCSI connection. This option is set to Disable by default.
Connection 1 Settings| Enables you to control the configuration for the iSCSI connection.
Connection 2 Settings| Enables you to control the configuration for the iSCSI connection.
Connection Order| Enables you to control the order for which the iSCSI connections will be attempted.

Integrated Devices

To view the Integrated Devices screen, power on the system, press F2, and click System Setup Main Menu > System BIOS Integrated Devices.

Table 15. Integrated Devices details

Option Description
User Accessible USB Ports Configures the user accessible USB ports.

Selecting Only Back Ports On disables the front USB ports; selecting All Ports Off disables all front and back USB ports. This option is set to All Ports On by default.
The USB keyboard and mouse still function in certain USB ports during the boot process, depending on the selection. After the boot process is complete, the USB ports will be enabled or disabled as per the setting.
Internal USB Port| Enables or disables the internal USB port. This option is set to On or Off. This option is set to On by default.

NOTE: Internal USB port is only effective for T150, but T350/R350/R250 are not because hardware does not support.

iDRAC Direct USB Port| The iDRAC Direct USB port is managed by iDRAC exclusively with no host visibility. This option is set to ON or OFF. When set to OFF , iDRAC does not detect any USB devices installed in this managed port. This option is set to On by default.
Embedded NIC1 and NIC2| Enables or disables the Embedded NIC1 and NIC2. If set to Disabled (OS) , the NIC may still be available for shared network access by the embedded management controller. Configure the Embedded NIC1 and NIC2 option by using the NIC management utilities of the system. This option is set to Enabled by default.
I / O A T D M A En g i n e| Enables or disables the I/O Acceleration Technology (I/OAT) option. I/OAT is a set of DMA features designed to accelerate network traffic and lower CPU utilization. Enable only if the hardware and software support the feature. This option is set to Disabled by default.
Embedded Video Controller| Enables or disables the use of Embedded Video Controller as the primary display. When set to Enabled , the Embedded Video Controller will be the primary display even if add-in graphic cards are installed. When set to Disabled , an add-in graphics card is used as the primary display. BIOS will output displays to both the primary add-in video and the embedded video during POST and preboot environment. The embedded video will then be disabled right before the operating system boots. This option is set to Enabled by default.

Table 15. Integrated Devices details (continued)

Option Description
NOTE: When there are multiple add-in graphic cards installed in the

system, the first card discovered during PCI enumeration is selected as the primary video. You might have to rearrange the cards in the slots in order to control which card is the primary video.
Current State of Embedded Video Controller| Displays the current state of the embedded video controller. The Current State of Embedded Video Controller option is a read-only field. If the Embedded Video Controller is the only display capability in the system (that is, no add-in graphics card is installed), then the Embedded Video Controller is automatically used as the primary display even if the Embedded Video Controller setting is set to Disabled.
OS Watchdog Timer| If your system stops responding, this watchdog timer aids in the recovery of your operating system. When this option is set to Enabled , the operating

system initializes the timer. When this option is set to Disabled (the default), the timer does not have any effect on the system.

Empty Slot Unhide| Enables or disables the root ports of all the empty slots that are accessible to the BIOS and operating system. This option is set to Disabled by default.
Memory Mapped I/O above 4 GB| Enables or disables the support for the PCIe devices that need large amounts of memory. Enable this option only for 64-bit operating systems. This option is set to Enabled by default.
Slot Disablement| Enables or disables the available PCIe slots on your system. The slot disablement feature controls the configuration of the PCIe cards installed in the specified slot. Slots must be disabled only when the installed peripheral card prevents booting into the operating system or causes delays in system startup. If the slot is disabled, both the Option ROM and UEFI drivers are disabled. Only slots that are present on the system will be available for control.

Serial Communication

To view the Serial Communication screen, power on the system, press F2, and click System Setup Main Menu > System BIOS > Serial Communication.

NOTE: The serial port is optional for the PowerEdge T350 system. The Serial Communication option is applicable only if the serial COM port is installed in the system.

Table 16. Serial Communication details

Option Description
Serial Communication Enables the serial communication options. Selects

serial communication devices (Serial Device 1 and Serial Device 2) in BIOS. BIOS console redirection can also be enabled, and the port address can be specified.
Serial Port Address| Enables you to set the port address for serial devices. This option is set to

Serial Device1=COM2, Serial Device 2=COM1 by default.

NOTE: You can use only Serial Device 2 for the Serial Over LAN (SOL) feature. To use console redirection by SOL, configure the same port address for console redirection and the serial device.

NOTE: Every time the system boots, the BIOS syncs the serial MUX setting that is saved in iDRAC. The serial MUX setting can independently be changed in iDRAC. Loading the BIOS default settings from within the BIOS setup utility may not always revert the serial MUX setting to the default setting of Serial Device 1.

External Serial Connector| Enables you to associate the External Serial Connector to Serial Device 1 , Serial Device 2 , or the Remote Access Device by using this option. This option is set to Serial Device 1 by default.

Table 16. Serial Communication details (continued)

Option Description
NOTE: Only Serial Device 2 can be used for Serial Over LAN (SOL).

To use console redirection by SOL, configure the same port address for console redirection and the serial device.

NOTE: Every time the system boots, the BIOS syncs the serial MUX setting saved in iDRAC. The serial MUX setting can independently be changed in iDRAC. Loading the BIOS default settings from within the BIOS setup utility may not always revert this setting to the default setting of Serial Device 1.

Failsafe Baud Rate| Specifies the failsafe baud rate for console redirection. The BIOS attempts to determine the baud rate automatically. This failsafe baud rate is used only if the attempt fails, and the value must not be changed. This option is set to 115200 by default.
Remote Terminal Type| Sets the remote console terminal type. This option is set to V T 1 00 / V T 22 0 by default.
Redirection After Boot| Enables or disables the BIOS console redirection when the operating system is loaded. This option is set to Enabled by default.

System Profile Settings

To view the System Profile Settings screen, power on the system, press F2, and click System Setup Main Menu > System BIOS > System Profile Settings.

Table 17. System Profile Settings details

Option Description
System Profile Sets the system profile. If you set the System Profile

option to a mode other than Custom , the BIOS automatically sets the rest of the options. You can only change the rest of the options if the mode is set to Custom. This option is set to Performance Per Watt (OS) by default. Other options include Performance and Custom.

NOTE: All the parameters on the system profile setting screen are available only when the System Profile option is set to Custom.

CPU Power Management| Sets the CPU power management. This option is set to OS DBPM by default. Other option includes Maximum Performance.
Memory Frequency| Sets the speed of the system memory. This option is set to Maximum Performance by default.
Turbo Boost| Enables or disables the processor to operate in the turbo boost mode. This option is set to

Enabled by default.

C1E| Enables or disables the processor to switch to a minimum performance state when it is idle. This option is set to Enabled by default.
C States| Enables or disables the processor to operate in all available power states. C States allow the processor to enter lower power states when idle. When set to Enabled (OS controlled) or when set to Autonomous (if hardware controlled is supported), the processor can operate in all available Power States to save power, but may increase memory latency and frequency jitter. This option is set to Enabled by default.
Memory Refresh Rate| Sets the memory refresh rate to either 1x or 2x. This option is set to 1x by default.
Uncore Frequency| Enables you to select the Uncore Frequency option. Dynamic mode enables the processor to optimize power resources across cores and uncores during runtime. The optimization of the uncore frequency to either save power or optimize performance is influenced by the setting of the Energy Efficiency Policy option.

Table 17. System Profile Settings details (continued)

Option Description
M o n i t o r / M w ai t

Enables the Monitor/Mwait instructions in the processor. This option is set to Enabled for all system profiles, except Custom by default.

NOTE: This option can be disabled only if the C States option in the Custom mode is set to disabled.

NOTE: When C States is set to Enabled in the Custom mode, changing the Monitor/ Mwait setting does not impact the system power or performance.

PCI ASPM L1 Link Power Management| Enables or disables the PCI ASPM L1 Link Power Management. This option is set to

Enabled by default.

System Security

To view the System Security screen, power on the system, press F2, and click System Setup Main Menu > System BIOS > System Security.

Table 18. System Security details

Option Description
CPU AES-NI Improves the speed of applications by performing encryption

and decryption by using the Advanced Encryption Standard Instruction Set (AES- NI). This option is set to Enabled by default.
System Password| Sets the system password. This option is set to Enabled by default and is read-only if the password jumper is not installed in the system.
Setup Password| Sets the setup password. This option is read-only if the password jumper is not installed in the system.
Password Status| Locks the system password. This option is set to Unlocked by default.
TPM Information| Indicates the type of Trusted Platform Module, if present.

Table 19. TPM 2.0 security information

Option Description

TPM Information
TPM Security| NOTE: The TPM menu is available only when the TPM module is installed.

Enables you to control the reporting mode of the TPM. The TPM Security option is set to Off by default. You can only modify the TPM Status, and TPM Activation if the TPM Status field is set to either On with Pre-boot Measurements or On without Pre-boot Measurements.

When TPM 2.0 is installed, the TPM Security option is set to On or Off. This option is set to Off by default.

TPM Information| Changes the operational state of the TPM. This option is set to No Change by default.
TPM Firmware| Indicates the firmware version of the TPM.
TPM Hierarcy| Enables, disables, or clears the storage and endorsement hierarchies. When set to Enabled , the storage and endorsement hierarchies can be used.

When set to Disabled , the storage and endorsement hierarchies cannot be used.

When set to Clear , the storage and endorsement hierarchies are cleared of any values, and then reset to Enabled.

TPM Advanced Settings| Specifies TPM Advanced Settings details.

Table 20. System Security details

Option Description
Intel(R) TXT Enables you to set the Intel Trusted Execution Technology

(TXT) option. To enable

the Intel TXT option, virtualization technology and TPM Security must be enabled with Pre-boot measurements. This option is set to Off by default. It is set On for Secure Launch (Firmware Protection) support on Windows 2022.

Intel(R) SGX| Enables you to set the Intel Software Guard Extension (SGX) option. To enable the Intel SGX option, processor must be SGX capable, memory population must be compatible (minimum x8 identical DIMM1 to DIMM8 per CPU socket, not support on persistent memory configuration), memory operating mode must be set at optimizer mode, memory encryption must be enabled and node interleaving must be disabled. This option is set to Off by default. When this option is to Off , BIOS disables the SGX technology. When this option is to On , BIOS enables the SGX technology.
Software Guard Extensions Epoch n : Sets the Software Guard Extensions Epoch values.| ****

















Enables or disables the power button on the front of the system. This option is set to

Disabled by default.

SGX LE Public Key Hash0 : Sets the bytes from 0-7 for SGX Launch Enclave Public Key Hash.
SGX LE Public Key Hash1 : Sets the bytes from 8-15 for SGX Launch Enclave Public Key Hash.
SGX LE Public Key Hash2 : Sets the bytes from 16-23 for SGX Launch Enclave Public Key Hash.
SGX LE Public Key Hash3 : Sets the bytes from 24-31 for SGX Launch Enclave Public Key Hash.
Power Button
AC Power Recovery| Sets how the system behaves after AC power is restored to the system. This option is set to Last by default.

NOTE: The host system will not power on up until iDRAC Root of Trust (RoT) is completed, host power on will be delayed by minimum 90 seconds after the AC applied.

AC Power Recovery Delay| Sets the time delay for the system to power up after AC power is restored to

the system. This option is set to Immediate by default. When this option is set to Immediate , there is no delay for power up. When this option is set to Random , the system creates a random delay for power up. When this option is set to User Defined , the system delay time is manually to power up.

User Defined Delay (60 s to 600 s)| Sets the User Defined Delay option when the User Defined option for AC Power Recovery Delay is selected. The actual AC recovery time needs to add iDRAC root of trust time (around 50 seconds).
UEFI Variable Access| Provides varying degrees of securing UEFI variables. When set to Standard (the default), UEFI variables are accessible in the operating system per the UEFI specification. When set to Controlled , selected UEFI variables are protected in the environment and new UEFI boot entries are forced to be at the end of the current boot order.
In-Band Manageability Interface| When set to Disabled , this setting hides the Management Engine’s (ME), HECI devices, and the system’s IPMI devices from the operating system. This prevents the operating system from changing the ME power capping settings, and blocks access to all in-

band management tools. All management should be managed through out-of-band. This option is set to Enabled by default.

Table 20. System Security details (continued)

Option Description
NOTE: BIOS update requires HECI devices to be operational and DUP

updates require IPMI interface to be operational. This setting needs to be set to Enabled to avoid updating errors.
SMM Security Migration| Enables or disables the UEFI SMM security migration protections. It is enabled for Windows 2022 support.
Secure Boot| Enables Secure Boot, where the BIOS authenticates each pre- boot image by using the certificates in the Secure Boot Policy. Secure Boot is set to Disabled by default.
Secure Boot Policy| When Secure Boot policy is set to Standard , the BIOS uses the system manufacturer’s key and certificates to authenticate pre- boot images. When Secure Boot policy is set to Custom , the BIOS uses the user-defined key and certificates. Secure Boot policy is set to Standard by default.
Secure Boot Mode| Configures how the BIOS uses the Secure Boot Policy Objects (PK, KEK, db, dbx).

If the current mode is set to Deployed Mode , the available options are User Mode and Deployed Mode. If the current mode is set to User Mode , the available options are User Mode , Audit Mode , and Deployed Mode.


Table 21. Secure Boot Mode

Secure Boot Policy Summary| Specifies the list of certificates and hashes that secure boot uses to authenticate images.
Secure Boot Custom Policy Settings| Configures the Secure Boot Custom Policy. To enable this option, set the Secure Boot Policy to Custom option.
Options| Descriptions
---|---
User Mode| In User Mode , PK must be installed, and BIOS performs signature verification on programmatic attempts to update policy objects.

The BIOS allows unauthenticated programmatic transitions between modes.

Audit mode| In Audit Mode , PK is not present. BIOS does not authenticate programmatic update to the policy objects and transitions between modes. The BIOS performs a signature verification on pre-boot images and logs the results in the image Execution Information Table, but executes the images whether they pass or fail verification.

Audit Mode is useful for programmatic determination of a working set of policy objects.

Deployed Mode| Deployed Mode is the most secure mode. In Deployed Mode , PK must be installed and the BIOS performs signature verification on programmatic attempts to update policy objects.

Deployed Mode restricts the programmatic mode transitions.

Creating a system and setup password

Prerequisites
Ensure that the password jumper is enabled. The password jumper enables or disables the system password and setup password features. For more information, see the System board jumper settings section.

NOTE: If the password jumper setting is disabled, the existing system password and setup password are deleted and you need not provide the system password to boot the system.

Steps

  1. To enter System Setup, press F2 immediately after turning on or rebooting your system.
  2. On the System Setup Main Menu screen, click System BIOS > System Security.
  3. On the System Security screen, verify that Password Status is set to Unlock.
  4. In the System Password field, type your system password, and press Enter or Tab. Use the following guidelines to assign the system password:
    • A password can have up to 32 characters. A message prompts you to reenter the system password.
  5. Reenter the system password, and click OK.
  6. In the Setup Password field, type your setup password and press Enter or Tab.  a message prompts you to reenter the setup password.
  7. Reenter the setup password, and click OK.
  8. Press Esc to return to the System BIOS screen. Press Esc again. A message prompts you to save the changes.

NOTE: Password protection does not take effect until the system reboots.

Using your systemsystem password to secure your system

About this task
If you have assigned a setup password, the system accepts your setup password as an alternate system password.

Steps

  1. Turn on or reboot your system.
  2. Type the system password and press Enter.

Next steps
When Password Status is set to Locked, type the system password and press Enter when prompted at reboot.

NOTE: If an incorrect system password is typed, the system displays a message and prompts you to reenter your password. You have three attempts to type the correct password. After the third unsuccessful attempt, the system displays an error message that the system has stopped functioning and must be turned off. Even after you turn off and restart the system, the error message is displayed until the correct password is entered.

Deleting or changing system and setup password

Prerequisites

NOTE: You cannot delete or change an existing system or set up a password if the Password Status is set to Lock.

Steps

  1. To enter System Setup, press F2 immediately after turning on or restarting your system.
  2. On the System Setup Main Menu screen, click System BIOS > System Security.
  3. On the System Security screen, ensure that Password Status is set to Unlock.
  4. In the System Password field, alter or delete the existing system password, and then press Enter or Tab.
  5. In the Setup Password field, alter or delete the existing setup password, and then press Enter or Tab. If you change the system and set up a password, a message prompts you to reenter the new password. If you delete the system and set up a password, a message prompts you to confirm the deletion.
  6. Press Esc to return to the System BIOS screen. Press Esc again, and a message prompts you to save the changes.
  7. Select Setup Password, change or delete the existing setup password, and press Enter or Tab.

NOTE: If you change the system password or setup password, a message prompts you to reenter the new password. If you delete the system password or setup password, a message prompts you to confirm the deletion.

Operating with setup password enabled

If Setup Password is set to Enabled, type the correct setup password before modifying the system setup options. If you do not type the correct password in three attempts, the system displays the following message: Even after you power off and restart the system, the error message is displayed until the correct password is typed. The following options are exceptions:

  • If System Password is not set to Enabled and is not locked through the Password Status option, you can assign a system password. For more information, see the System Security Settings screen section.
  • You cannot disable or change an existing system password.
    NOTE: You can use the password status option with the setup password option to protect the system password from unauthorized changes.

Redundant OS Control

To view the Redundant OS Control screen, power on the system, press F2, and click System Setup Main Menu > System BIOS > Redundant OS Control.

Table 22. Redundant OS Control details

Option Description
Redundant OS Location Enables you to select a backup disk from the

following devices:

●       None

●       BOSS PCIe Cards (Internal M.2 Drives)

●       SATA Port A

Redundant OS State| NOTE: This option is disabled if Redundant OS Location is set to None.

When set to Visible , the backup disk is visible to the boot list and OS. When set to Hidden , the backup disk is disabled and is not visible to the boot list and OS. This option is set to Visible by default.

NOTE: BIOS disables the device in hardware, so it is not accessed by the OS.

Redundant OS Boot| NOTE: This option is disabled if Redundant OS Location is set to None or if

Redundant OS State is set to Hidden.

When set to Enabled , BIOS boots to the device specified in Redundant OS Location. When set to Disabled , BIOS preserves the current boot list settings. This option is set to Disabled by default.

Miscellaneous Settings

To view the Miscellaneous Settings screen, power on the system, press F2, and click System Setup Main Menu > System BIOS > Miscellaneous Settings.

Table 23. Miscellaneous Settings details

Option Description
System Time Enables you to set the time on the system.
System Date Enables you to set the date on the system.
Asset Tag Specifies the asset tag and enables you to modify it for

security and tracking purposes.

iDRAC Settings

The iDRAC settings is an interface to set up and configure the iDRAC parameters by using UEFI. You can enable or disable various iDRAC parameters by using the iDRAC settings.
NOTE: Accessing some of the features on the iDRAC settings needs the iDRAC Enterprise License upgrade.For more information about using iDRAC, see Dell Integrated Dell Remote Access Controller User’s Guide at https:// www.dell.com/idracmanuals.

Device Settings
Device Settings enables you to configure device parameters such as storage controllers or network cards.

Service Tag Settings
Service Tag Settings enables you to configure the System Service Tag.

Dell Lifecycle Controller

Dell Lifecycle Controller (LC) provides advanced embedded systems management capabilities including system deployment, configuration, update, maintenance, and diagnosis. LC is delivered as part of the iDRAC out-of-band solution and Dell system embedded Unified Extensible Firmware Interface (UEFI) applications.

Embedded system management
The Dell Lifecycle Controller provides advanced embedded system management throughout the lifecycle of the system. The Dell Lifecycle Controller is started during the boot sequence and functions independently of the operating system.

NOTE: Certain platform configurations may not support the full set of features provided by the Dell Lifecycle Controller. For more information about setting up the Dell Lifecycle Controller, configuring hardware and firmware, and deploying the operating system, see the Dell Lifecycle Controller documentation at https://www.dell.com/idracmanuals.

Boot Manager

The Boot Manager option enables you to select boot options and diagnostic utilities. To enter Boot Manager, power on the system and press F11.

Table 24. Boot Manager details

Option Description
Continue Normal Boot The system attempts to boot to devices starting

with the first item in the boot order. If the boot attempt fails, the system continues with the next item in the boot order until the boot is successful or no more boot options are found.
One-shot Boot Menu| Enables you to access boot menu, where you can select a one-time boot device to boot from.
Launch System Setup| Enables you to access System Setup.
Launch Lifecycle Controller| Exits the Boot Manager and invokes the Dell Lifecycle Controller program.
System Utilities| Enables you to launch System Utilities menu such as Launch Diagnostics, BIOS update File Explorer, Reboot System.

PXE boot

You can use the Preboot Execution Environment (PXE) option to boot and configure the networked systems remotely. To access the PXE boot option, boot the system and then press F12 during POST instead of using the standard Boot Sequence from BIOS Setup. It does not pull any menu or allow the managing of network devices.

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Related Manuals